Versions of GeForce Experience for Windows before 3.18 are open to a bug that can allow denial of service and remote code execution. The vulnerability (CVE 2019 5674) has a CVSS score of 8.8, making it high severity. It’s possible for a low-privileged user to create a symbolic link (a special kind of file that points to another file) between log files and any other system file; that in turn allows the user to overwrite the contents of that system file.
Source: https://threatpost.com/nvidia-geforce-experience-bug/143196/